Methods for authenticating an identity of an entity are known that are based on something the entity knows, something the entity has, a biological characteristic of the entity (sometimes referred to as something the entity is) or some combination of those things. One such computer-based authentication method involves the communication of a secret that is unique to a particular entity or user. The entity that is seeking authentication transmits the secret to a verifier who authenticates the identity of the entity. Typically, an entity communicates both identifying information (such as a user name) and a secret (such as a password) to the verifier. The verifier typically possesses records that associate a secret with each entity. If the verifier receives a secret that matches an appropriate record, the authentication of the entity is successful. If the verifier receives an incorrect secret, the authentication fails.
Time-based authentication systems also associate an entity with a secret, typically a number, which is unique to that entity. These systems generally perform some algorithmic processing of the secret to generate an authentication code that is ultimately used to authenticate the entity. Some time-based systems use a dynamic variable to calculate a non-predictable authorization code that ultimately authenticates the entity. Here, “non-predictable” means that the authorization code is not predictable by a party that does not know the associated secret, the algorithm for calculating the code, or both. The dynamic variable may comprise any code, typically a number, which is defined and determined by the interval of time in which an authentication code is generated. The dynamic variable can change according to any interval of time, e.g., 2 minutes, 5 minutes, 1 hour and the like. Because in these systems the authentication code changes from time to time, intercepted authentication information has a limited value because it cannot be used for authentication in the future.
The user may employ a device to algorithmically compute the correct authentication code for a particular time. The algorithm is typically provided to the user in the form of a hardware token loaded with a program for carrying out the predetermined algorithm, although it may be provided as software executing on a general-purpose computer. The device may also allow the user to input a second, personally selected secret, such as a personal identification number (PIN) in order to generate a correct authentication code. Only a correctly entered PIN produces a correct authentication code for a particular time. One such device is the SECURID authentication token, available from RSA Security Inc. of Bedford, Mass. These devices can display the generated authentication code to the user, who may then communicate the authentication code to the verifier.
Although the dynamic nature of the generated authentication codes in these systems avoids problems inherent with using fixed authentication codes, if such a device is left unattended it is still vulnerable to attack. A third party attacker may enter multiple guesses for the personally selected secret values during an authentication time period. By associating each personally selected secret with the resulting authentication code generated by the device, an attacker may mathematically solve or otherwise determine the personally selected secret. A similar problem could occur if the user mistakenly provides one or more incorrect secret values and communicates one or more incorrect authentication codes on an insecure channel before communicating a correct authentication code generated from a correct secret value. An eavesdropping attacker can obtain sufficient information from these exchanges to mathematically solve for or otherwise determine the personally selected secret. Although this form of attack could be thwarted by always transmitting the authentication code on a secure channel (such as one using encryption), such channels are not available in all environments or at all times. Thus, despite the security advantages of dynamic authentication code methods, some security disadvantages remain.